English

Abstract

Virtualization is the main underlying technology for cloud computing. The popularity of cloud computing had expanded rapidly over the past few years. As any new technology advancement, cloud computing also has vulnerability possibilities and potential security risks. Therefore it is important to study and understand the underlying technologies in cloud computing and test any possible loophole that may give advantages for malware and attackers. Virtual machine (VM) is one of the basic component in cloud computing. VM itself is a program that executes multiple operating systems on one physical machine. Due to the complexity of the VM, together with the complex setting of the network environment and physical machine technology during the implementation of VM environment, vulnerability in the environment may occur. For example, the ability of malware to detect either the environment that they are attacking is on VM or not. Through this detection, the malware or attackers may hide its malicious program since VM are commonly used as defensive system for malware detection, such as honeypots. In this paper, we present a remote detection technique for VM that uses IP timestamp option in full virtualization that could be used to detect VM environment and contributing to VM vulnerability. Evaluation of this technique was done by examining and analysing the characteristic of IP packet timestamps replies from VM and real machine. This research finding could serve as new knowledge for further studies on how to provide comprehensive protection from VM vulnerability. This research also could formulate more effective security improvement that could lead to better security policy towards VM technology.